Granting Access to Your Account

If you need to give someone access to log in to your account (as you),
you can do so through Kerberos, without revealing your password, by putting
a .k5login file in your home directory. A .k5login file is a list of one or more Kerberos principals, one for
each person to whom you want to grant access. Each principal must be on
a separate line.

Suppose that the user david keeps a .k5login file
in his home directory that looks like the following:

jennifer@ENG.EXAMPLE.COM
joe@EXAMPLE.ORG

This file allows the users jennifer and joe to
assume david's identity, provided that they already have
Kerberos tickets in their respective realms. For example, jennifer can remotely
log in to david's machine (boston),
as him, without having to give his password.

Figure 26–1 Using the .k5login File to Grant Access to Your Account

In the case where david's home directory is NFS-mounted,
using Kerberos V5 protocols, from another (third) machine, jennifer must
have a forwardable ticket in order to access his home directory. See Creating a Kerberos Ticket for an example of using
a forwardable ticket.

If you will be logging in to other machines across a network, you'll
want to include your own Kerberos principal in .k5login files
on those machines.

Using a .k5login file is much safer than giving out your password for these
reasons:

You can take access away any time by removing the principal
from your .k5login file.

Although the principals named in the .k5login file
in your home directory have full access to your account on that machine (or
set of machines, if the .k5login file is shared, for
example, over NFS), any Kerberized service authorizes access
based on that user's own identity, not yours. So jennifer can
log in to joe's machine and perform tasks there. However,
if she uses a Kerberized program such as ftp or rlogin, she does so as herself.

Kerberos keeps a log of who obtains tickets, so a system administrator
can find out, if necessary, who is capable of using your user identity at
a particular time.

One common way to use the .k5login file is to put
it in root's home directory, giving root access
for that machine to the Kerberos principals listed. This configuration allows
system administrators to become root locally, or to log
in remotely as root, without having to give out the root password, and without requiring anyone to type the root password
over the network.
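The following script is an added example, not part of this guide: it parses .k5login files in the one-principal-per-line form shown above and inverts them into a report of which principal can assume which local account, flagging entries that grant root. The file contents and account names are constructed for the example; the exact-string match is this script's own policy for full principal names and is not a reimplementation of the Kerberos library's comparison.

```python
# Added example (not from the Solaris guide): inventory .k5login files and
# report which Kerberos principals can assume which local accounts.
from collections import defaultdict


def parse_k5login(text):
    """Return (principals, unqualified) from .k5login contents.

    One principal per line; blank lines are skipped and whitespace trimmed.
    Entries with no realm part are set aside for review rather than treated
    as grants, since the guide lists fully qualified principals."""
    principals, unqualified = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        user, sep, realm = line.partition("@")
        if sep and user and realm:
            principals.append(line)
        else:
            unqualified.append(line)
    return principals, unqualified


def is_authorized(principal, k5login_text):
    """Exact string match against the file's fully qualified entries."""
    principals, _ = parse_k5login(k5login_text)
    return principal in principals


def who_can_assume(k5login_by_account):
    """Invert {account: .k5login text} into {principal: sorted accounts}.

    This is the administrator's view the guide alludes to: who is capable
    of using a given account on this machine."""
    access = defaultdict(set)
    for account, text in k5login_by_account.items():
        principals, _ = parse_k5login(text)
        for p in principals:
            access[p].add(account)
    return {p: sorted(a) for p, a in sorted(access.items())}


# Constructed sample: david's file from the text, a root .k5login, and one
# entry with no realm (hypothetical account "joe") that is flagged, not granted.
SAMPLE = {
    "david": "jennifer@ENG.EXAMPLE.COM\njoe@EXAMPLE.ORG\n",
    "root": "jennifer@ENG.EXAMPLE.COM\n",
    "joe": "jennifer\n",
}

if __name__ == "__main__":
    for principal, accounts in who_can_assume(SAMPLE).items():
        flag = "  <-- grants root" if "root" in accounts else ""
        print(f"{principal}: {', '.join(accounts)}{flag}")
```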

Example 26–4 Using the .k5login File to Grant Access to Your Account

Suppose jennifer decides to log in to the machine boston.example.com as root. Because she has an
entry for her principal name in the .k5login file in root's home directory on boston.example.com,
she again does not have to type in her password.